Consumers aren’t the only ones being tricked into paying money to cybercriminals. a recent study by Saas Medius and Censuswide.
“Invoice fraud is something that happens all the time, but people don’t talk about it because it’s embarrassing, it hurts their brands and their supplier relationships,” said Branden Jenkins, COO at Sweden-based Medius in an interview. . “It’s an endemic problem.”
It is a crime that affects businesses of all sizes. In 2019, a Lithuanian man pleaded guilty to US charges of helping to defraud the company now known as Meta and Alphabet’s Google out of more than $100 million by posing as a hardware vendor and claiming that the company owed them money in what is sometimes called a “compromised courier business,” according to a Reuters report of March 20, 2019.
According to the Medius survey of 2,750 finance executives in North America, Europe and Asia, many finance executives are unaware of the extent of the problem. The study found that one in four or 25% of finance executives surveyed were unable to estimate the cost of invoice fraud to their business, even though last year the study found that on average, finance teams had identified 12 cases of this type of fraud.
As businesses and their finance teams increasingly turn to digital payments over paper invoices, there’s a modern twist to scams these days. While there are a combination of schemes companies can be defrauded of in the billing process, Jenkins said some of the most common to guard against are:
- Illegitimate suppliers“What ends up happening is that vendors that aren’t legitimate will come into your system and submit invoices for a low enough amount and just get approved,” Jenkins said. “It’s a volume game – they’re not big enough to trigger approvals.” It’s one of the biggest scams, Jenkins said. This happens when companies don’t have a process in place to review and set up a supplier. Such a system would ensure that multiple people within the company would check that vendors were on the list of paying vendors and would use third parties to verify that they were legitimate businesses, he said.
- Fraudulent invoices/false invoices: This usually involves invoices from a valid supplier, but there will be a slight change in payment information such as a different address, ACH routing number or email address, Jenkins said. “Just enough is changed that when you get the invoice, you say, ‘oh yes, it’s a valid supplier, we’re paying it, it says here to update bank information, no problem’, and then this money is diverted to a fraudulent account,” Jenkins said. Capture technology and other solutions can often detect this, but when companies receive hundreds of invoices a day, they may not detect it, Jenkins said. This type of fraud can be perpetrated by someone on the vendor side, someone on the paying company side who knows they are receiving bills and changing bank account information, or there can be bad actors of the so-called dark web that capture this information, he said.
- Intercept mailed checks: About 40% of businesses still send checks to the United States. Checks are permanently intercepted; fraudsters will edit and change the name, digitally enter the check, change the payment information, and then deposit it into their account, Jenkins said. “The fact is, companies don’t reconcile,” he said. “They don’t look at every check to make sure it’s positive pay, so that’s another way to get to that $300,000 a year. [of invoice fraud] for companies. »
Medius provides accounts payable management software that automates the invoicing process. But even with technology that eases the payment process and helps detect scams, Jenkins said CFOs and finance teams need to remain vigilant for invoice fraud.
“If you don’t constantly monitor it, you can’t mitigate risk,” he said. This requires “continuous improvements and checkups,” he said.